Authentication with Crossbar.io determines if a WAMP Client is
allowed to connect and which identity it is assigned, while
authorization determines which permissions a Client is granted for
specific actions based on its identity.

WAMP transport-level authentication methods use the transport
underlying the WAMP session, and the result of the authentication is
then passed on to the WAMP session level (i.e. the resulting authid and
authrole are passed there).

Public-key-based authentication relies on asymmetric key pairs, i.e.
the router (or authentication component) only has knowledge of the
client’s public key (and vice versa). This has the advantage that a
compromised store of keys does not enable impersonation of the other
participant(s).

statically - the credentials are stored in the Crossbar.io
configuration, or

dynamically - an authorizer component is specified which is
called and returns an authentication or denial.

The latter allows full flexibility, e.g. integration with external
authorization mechanisms, or storing larger sets of authentication data
in a database of your choice.

We are planning the implementation of a storage mechanism for
credentials within Crossbar.io. This will be a secure, transactional
database which can be managed via the node management API and which
spans all authentication methods.

Authentication methods are set for a WAMP transport endpoint, and it is
possible to define multiple methods per endpoint.

As an example, the following extract from a configuration file allows
anonymous authentication (and assigns it the role public) as well as
authentication via WAMP-CRA (and defines two roles here, depending on
the authid used during authentication):
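
An added example (not the Crossbar.io documentation's own extract): a script that generates a static "auth" block of the shape described above, with anonymous clients mapped to the role public and two WAMP-CRA users mapped to different roles. The authids, passwords and the role names frontend and backend are constructed placeholders, and the script assumes the salted WAMP-CRA form (PBKDF2-HMAC-SHA256 with per-user "salt", "iterations" and "keylen") so that the configuration file never holds a plaintext password.

```python
import base64
import hashlib
import json
import os


def derive_cra_secret(password, salt, iterations, keylen):
    """PBKDF2-HMAC-SHA256 over the password, base64-encoded (salted WAMP-CRA form)."""
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations, keylen)
    return base64.b64encode(key).decode()


def build_auth_config(users, iterations=100000, keylen=32):
    """Return an "auth" block: anonymous -> role "public", WAMP-CRA role chosen per authid.

    `users` maps authid -> (password, role). Only the salted derived key is written
    to the configuration, never the password itself.
    """
    cra_users = {}
    for authid, (password, role) in users.items():
        # Fresh random salt per user, stored as text alongside the derived key.
        salt = base64.b64encode(os.urandom(16)).decode()
        cra_users[authid] = {
            "secret": derive_cra_secret(password, salt, iterations, keylen),
            "role": role,
            "salt": salt,
            "iterations": iterations,
            "keylen": keylen,
        }
    return {
        # Two methods on one endpoint: clients may use either.
        "anonymous": {"type": "static", "role": "public"},
        "wampcra": {"type": "static", "users": cra_users},
    }


if __name__ == "__main__":
    # Constructed sample users; authids, passwords and role names are placeholders.
    sample = {
        "joe": ("example-password-1", "frontend"),
        "peter": ("example-password-2", "backend"),
    }
    # The output belongs under "auth" of a WebSocket transport in the node configuration.
    print(json.dumps({"auth": build_auth_config(sample)}, indent=3))
```

Because anonymous authentication is enabled on the same endpoint, the permissions granted to the role public apply to every unauthenticated client and should be reviewed with that in mind.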